1 / 23

NetScreen Technologies

NetScreen Technologies. Security Solutions the NetScreen Way Peter Crowcombe – EMEA Marketing Manager. Agenda. About NetScreen Security Innovation Unique Architectures Threats and Responses VPN leadership Total cost of ownership The future of security. About NetScreen.

nenet
Download Presentation

NetScreen Technologies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. NetScreen Technologies Security Solutions the NetScreen Way Peter Crowcombe – EMEA Marketing Manager

  2. Agenda • About NetScreen • Security Innovation • Unique Architectures • Threats and Responses • VPN leadership • Total cost of ownership • The future of security

  3. About NetScreen • Leading supplier of network security solutions for large scale and high capacity enterprise and carrier networks • Integrated firewall, VPN and traffic management • Leading market share • #1, #2 or #3 in key VPN and firewall categories* * Based on data from Dataquest/Gartner Group, Infonetics Research, International Data Corp.

  4. NetScreen Innovation NetScreen firsts: • An integrated Firewall and VPN appliance with ASIC acceleration for FW AND VPN • Virtual system architecture • With separate policy tables, addressing and management • Integrated active-active, full mesh, stateful High Availability • Ship Gigabit Firewall & VPN appliance • Ship 4 Gigabit Firewall appliance

  5. Resulting in NetScreen Delivering Industry-Leading Growth $ Millions $29.0

  6. Global PRO Optimized Security Platform Optimized Security Platform ScreenOS ScreenOS ScreenOS GigaScreen ASIC GigaScreen ASIC GigaScreen ASIC Superior Security, Performance and Economics compared with software/processor based architectures Unique Solution & Technology Platform GigaScreen ASIC

  7. GigaScreen-II ASIC Technology Management module • GigaScreen-II is a security processor • Breakthrough performance • 2 Gbps firewall; 1 Gbps VPN • Massive scalability • Linear scalability when connected to a switched backplane • Complete security processing • Complete packet processing with little to no CPU intervention • Programmability • Ability to add packet classification and content inspection engines CPU Data Exchange (first packet, IKE etc) Control GigaScreen-II ASIC / Flow Processor Flow Traffic

  8. NetScreen-5000 Chassis Architecture Back plane 32 bit - Bus 0 • Dual Bus Architecture • Control Traffic between GigaScreen-II and Management Module • Data Exchange between the Management Module and the GigaScreen-II via Dual Access High Speed RAM (SRAM) • 15 Gigabit switch fabric and Multiple Module Slots (5400) • Slots for Multiple Secure Port Modules or additional new modules • Packet Flow Traffic between Secure Port Modules or Future modules 64 bit - Bus 1 15 Gbps switch fabric Secure Port Module Future Tech. Modules Secure Port Module Mgmt Module Flow Control First Packet, IKE, etc

  9. Comprehensive Product Line Enterprise Telecommuter Network core Central Site Medium Site Small Office NetScreen-500 NetScreen-5XT NetScreen-50 NetScreen-5000 Series NetScreen-5XP NetScreen-25 NetScreen-200 Series NetScreen -Remote NetScreen-1000 NetScreen-Global PRO NetScreen-Global PRO Express

  10. Security Deployment Drivers Source Infonetics 2002

  11. Security Threats Are Growing Security Incidents Reported to CERT 60,000 • Outside attacks that compromise perimeter security • Denial of service, VPN U-turn attacks • Trojan horse attacks that penetrate the enterprise • New application requirements • Segmentation of departmental resources • Wireless LANs 2001: 52,000+ incidents (Code Red, Nimda) 50,000 40,000 30,000 # of incidents 20,000 1988: 6 incidents (Kevin Mitnick) 10,000 0 Computer Emergency Response Team (CERT) is a federally funded research and development center specializing in Internet security operated by Carnegie Mellon University.

  12. Unauthorized Personnel Unauthorized Wireless User Compromised Computer Worms / Compromised Server Unauthorized Wireless User Trojans / Disgruntled / Dishonest Employee Security Threats Regional Office Branch Office VPN ((( VPN Internet Telecommuter VPN Firewall VPN ((( DMZ Servers Finance Servers

  13. OR Security Domains Integrated FW/VPN with attack blocking and user authentication Branch Office Regional Office Telecommuter (((( Wireless VPN - Client Internet Notebook & PDA (VPN) Greater Segmentation & Policy Control Internal / External threats treated equally Web Wireless (((( Admin (((( DMZ VPN - Client E-mail Finance Central Site

  14. Paybacks and Benefits of VPNs Q. On a scale of 1 to 7, where 1 is “not important” and 7 is “extremely important,” please rate the importance of the following expected paybacks and benefits in your decision to implement VPNs: 57% Increased security 45% Dial-up or dedicated connection cost savings Increased bandwidth using VPNs with DSL, cable, or broadband wireless 44% 43% Reduction of operation and management costs Ability to quickly add remote access users, sites, or extranet partners 42% 41% Improved communications with customers 41% Increased geographic coverage 34% Any to any connectivity 32% Increased network uptime 17% Ability to carry voice over IP Source Infonetics 2002

  15. Mobile VPN Small site, Temp site VPN Intranet VPN Partner A Partner B Partner C Home GPRS Internet Content GRX Remote Access Content Ser AV Services IDS Services Application Ser Overseas GPRS Leaders in VPN technology MPLS Data Centre /SP NOC

  16. Legacy Network IPNetwork Change Scenario A: Direct One-to-One Comparison Small Site Bandwidth (8 sites) 56-64 Kbps 56-64 Kbps No Change Monthly Cost/Site $280 $75 Save $205 Medium Site Bandwidth (2 sites) 384 Kbps 384 Kbps No Change Monthly Cost/Site $1,150 $190 Save $960 Central Site Bandwidth (1 site) T-1 T-1 No Change Monthly Cost/Site $3,275 $1,570 Save $1,705 Total Annual Costs $93,780 $30,600 Save $63,180 Time to pay back initial hardware investment ($6,000 to $10,000): 1.1 – 1.9 Months Frame to IP VPN Migration ScenariosApples to Apples – Equal Bandwidth The initial hardware purchase is based on average pricing for NetScreen appliances while the bandwidth rates are based on averages derived from multiple carrier offerings. This example does not include network management, installation expense, time to migrate multiple networks, etc. Source: TeleChoice – Building the business case for IP VPNs

  17. Firewall Features Source Infonetics 2002

  18. Milestones • 1st device that detects and prevents attacks by dropping malicious packets (patent pending) • 1st to implement Multi-Method Detection to maximize attack detection • 1st to utilize Stateful Signature Detection to help reduce false alarms • 1st centralized, rule-based management of intrusion detection and prevention IDP - The future of security • Definitive agreement to acquire OneSecure for $40.3 million • Innovative intrusion detection and prevention appliance accurately detects attacks, stops attacks and is easy to manage • Immediately address IDS market with intrusion prevention products • The best technology, architecture and people to accelerate NetScreen’s delivery of next generation integrated security gateway and management

  19. HR Servers Users FinanceServers WebServer MailServer User CodeRed Firewall Intrusion Prevention - OneSecure • Innovative intrusion prevention and detection product • Improved intrusion detection accuracy, reducing false alarms and detecting more attacks • Multi-Method Detection • Stateful Signatures • True attack prevention to eliminate impact of attack • In-line operation

  20. Intrusion Detection strategies Source Infonetics 2002

  21. Phase II: 1H03 Phase III Integrate key IDP features into ScreenOS. New processing blade NS-5000 Develop silicon & hardware for next- generation platforms Enhance IDP Enhance IDP Integrate management platforms Enhance Management Intelligence NetScreen-OneSecure Integration Plan Phase I: At Close Introduce & Re-brand OneSecure IDP. Scale performance to gigabit levels Introduce & Re-brand OneSecure IDP Management

  22. Innovation in the Security market “Gartner believes that the primary security gateway, the firewall, should provide for this in-line inspection and action taking. Thus, we see this move by NetScreen as the first market move toward fulfilling our vision of firewalls that look deeper into packet streams and make higher-level decisions. Enterprises will need this capability to implement strong, application-aware edge security on a variety of security platforms..” Gartner Group August 27, 2002

  23. NetScreenScalable Security Solutions

More Related